<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="zh-CN" lang="zh-CN">
<head>
	<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
	<meta name="viewport" content="width=device-width, initial-scale=1.0">
	<meta name="keywords" content="SecWiki，维基，安全，资讯，专题，导航，RSS聚合，Ｗeb安全，Ｗeb安全，移动平台，二进制安全，恶意分析，网络安全，设备安全，运维技术，编程技术，书籍推荐">
	<title>SecWiki周刊（第173期)</title>
	<link rel="stylesheet" type="text/css" href="https://secwiki.b0.upaiyun.com/css/bootstrap.css"/>
    <link rel="stylesheet" type="text/css" href="https://secwiki.b0.upaiyun.com/css/styles.css" />
    <link rel="stylesheet" type="text/css" href="https://secwiki.b0.upaiyun.com/css/people.css" />
    <link rel="shortcut icon" href="https://secwiki.b0.upaiyun.com/img/favicon.ico">
	<meta name="viewport" content="width=device-width, initial-scale=1.0" />
    <script src="//upcdn.b0.upaiyun.com/libs/jquery/jquery-1.8.3.min.js"></script>
</head>

<body>
<div class="navbar navbar-fixed-top"><div class="navbar-inner"><div class="container"><a class="btn btn-navbar" data-toggle="collapse" data-target="#yii_bootstrap_collapse_0"><span class="icon-bar"></span><span class="icon-bar"></span><span class="icon-bar"></span></a><a href="/index.php" class="brand"><img src="https://secwiki.b0.upaiyun.com/logo.jpg" alt="" /></a><div class="nav-collapse collapse" id="yii_bootstrap_collapse_0"><form class="navbar-search pull-right" action="/news/search">
         <input type="text" class="search-query span2" name="wd" placeholder="SecWiki">
        </form>
    	<ul id="yw0" class="nav"><li><a href="/index.php">首页</a></li><li><a href="/event">新闻</a></li><li><a href="/news">技术</a></li><li><a href="/skill">技能</a></li><li><a href="/topic">专题</a></li><li><a href="/book">书籍</a></li><li><a href="/user/members">成员</a></li><li><a href="/opml/index">聚合</a></li><li><a href="/tougao/create">投稿</a></li></ul></div></div></div></div>
<div class="container" id="page">
			<!-- breadcrumbs -->
	
    <div style="margin-left: 15px;">
	    <div class="row-fluid">
    <div id="content">
            <link rel="stylesheet" type="text/css" href="/css/mweekly.css"/>

<h5><strong>SecWiki周刊（第173期）</strong></h5>
<blockquote> 2017/06/19-2017/06/25</blockquote>
<section id="news">
    <div class="weeklydivide">
      <strong>安全资讯</strong>
    </div><div class="single"><span id="tags">[移动安全]&nbsp;&nbsp;</span>控制域名忘记续费，三星数百万台手机陷入“任人宰割”境地<br><a target="_blank" href="http://www.4hou.com/info/news/5548.html">http://www.4hou.com/info/news/5548.html</a></div><div class="single"><span id="tags">[人物]&nbsp;&nbsp;</span>毕裕：从电脑少年到威胁猎人 他要将账号安全做到极致<br><a target="_blank" href="https://mp.weixin.qq.com/s?__biz=MzIzMTAzNzUxMQ==&amp;mid=2652880455&amp;idx=1&amp;sn=14cde1dff8bbe7141c9d1bfe9d6015ef&amp;scene=0#wechat_redirect">https://mp.weixin.qq.com/s?__biz=MzIzMTAzNzUxMQ==&amp;mid=2652880455&amp;idx=1&amp;sn=14cde1dff8bbe7141c9d1bfe9d6015ef&amp;scene=0#wechat_redirect</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>维基解密揭露针对网闸设备和封闭网络的CIA工具<br><a target="_blank" href="https://mp.weixin.qq.com/s?__biz=MzI2NzM3MTQ1Mw==&amp;mid=2247484066&amp;idx=1&amp;sn=a621127befdc3b9192e7066b63279531&amp;scene=0#wechat_redirect">https://mp.weixin.qq.com/s?__biz=MzI2NzM3MTQ1Mw==&amp;mid=2247484066&amp;idx=1&amp;sn=a621127befdc3b9192e7066b63279531&amp;scene=0#wechat_redirect</a></div><div class="single"><span id="tags">[新闻]&nbsp;&nbsp;</span>中国网络安全企业50强（2017年上半年） <br><a target="_blank" href="https://www.easyaq.com/news/897276489.shtml">https://www.easyaq.com/news/897276489.shtml</a></div><div class="single"><span id="tags">[新闻]&nbsp;&nbsp;</span>首届中国数据安全峰会上阿里和华为都讲了啥<br><a target="_blank" href="http://www.aqniu.com/industry/26134.html">http://www.aqniu.com/industry/26134.html</a></div><div class="single"><span id="tags">[观点]&nbsp;&nbsp;</span>《网络安全法》概要及企业应对介绍中文版<br><a target="_blank" href="https://mp.weixin.qq.com/s?__biz=MzIyODcxODI5MA==&amp;mid=2247484302&amp;idx=1&amp;sn=dcb296a41955ea7e1cd38d55d949af10&amp;scene=0#wechat_redirect">https://mp.weixin.qq.com/s?__biz=MzIyODcxODI5MA==&amp;mid=2247484302&amp;idx=1&amp;sn=dcb296a41955ea7e1cd38d55d949af10&amp;scene=0#wechat_redirect</a></div><div class="single"><span id="tags">[爆库]&nbsp;&nbsp;</span>The RNC Files: Inside the Largest US Voter Data Leak<br><a target="_blank" href="https://www.upguard.com/breaches/the-rnc-files">https://www.upguard.com/breaches/the-rnc-files</a></div><div class="single"><span id="tags">[人物]&nbsp;&nbsp;</span>腾讯云鼎实验室掌门人killer专访：安全路上，杀手没有假期<br><a target="_blank" href="http://www.freebuf.com/articles/people/137348.html">http://www.freebuf.com/articles/people/137348.html</a></div><div class="single"><span id="tags">[新闻]&nbsp;&nbsp;</span>32TB of Windows 10 internal builds, core source code leak online<br><a target="_blank" href="http://www.theregister.co.uk/2017/06/23/windows_10_leak/">http://www.theregister.co.uk/2017/06/23/windows_10_leak/</a></div><div class="single"><span id="tags">[新闻]&nbsp;&nbsp;</span>维基解密爆料美国中情局文件事件综述<br><a target="_blank" href="https://mp.weixin.qq.com/s?__biz=MzA5MzE5MDAzOA==&amp;mid=2664108726&amp;idx=1&amp;sn=168cd3bae9760c5ac5cc7ed34373d5c0&amp;scene=0#wechat_redirect">https://mp.weixin.qq.com/s?__biz=MzA5MzE5MDAzOA==&amp;mid=2664108726&amp;idx=1&amp;sn=168cd3bae9760c5ac5cc7ed34373d5c0&amp;scene=0#wechat_redirect</a></div></section><section id="news">
    <div class="weeklydivide">
      <strong>安全技术</strong>
    </div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>druid/wallfilter：基于SQL语义分析来实现防御SQL注入攻击<br><a target="_blank" href="https://github.com/alibaba/druid/wiki/%E9%85%8D%E7%BD%AE-wallfilter">https://github.com/alibaba/druid/wiki/%E9%85%8D%E7%BD%AE-wallfilter</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>CloudFail: 查找CloudFlare CDN 背后的真实 IP 地址<br><a target="_blank" href="https://github.com/m0rtem/CloudFail">https://github.com/m0rtem/CloudFail</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>Rasp 技术介绍与实现<br><a target="_blank" href="http://paper.seebug.org/330/">http://paper.seebug.org/330/</a></div><div class="single"><span id="tags">[数据挖掘]&nbsp;&nbsp;</span>scikit-learn随机森林调参小结<br><a target="_blank" href="http://www.cnblogs.com/pinard/p/6160412.html">http://www.cnblogs.com/pinard/p/6160412.html</a></div><div class="single"><span id="tags">[数据挖掘]&nbsp;&nbsp;</span>Kaggle初探--房价预测案例之数据分析<br><a target="_blank" href="http://www.jianshu.com/p/62716b33e7be">http://www.jianshu.com/p/62716b33e7be</a></div><div class="single"><span id="tags">[工具]&nbsp;&nbsp;</span>强大的内网域渗透提权分析工具——BloodHound<br><a target="_blank" href="http://www.4hou.com/penetration/5554.html">http://www.4hou.com/penetration/5554.html</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>Tomcat 源代码调试笔记 - 看不见的 Shell<br><a target="_blank" href="https://mp.weixin.qq.com/s?__biz=MzI5Nzc0OTkxOQ==&amp;mid=2247483666&amp;idx=1&amp;sn=6421b39037735953fa3148bdbf5bf912&amp;chksm=ecb11de2dbc694f4e00a55667fdc81387d53494788f43ec90327fa64f8c02fa6805fc0577671&amp;mpshare=1&amp;scene=1&amp;srcid=0623Z7avuWtePZvyDd2GWbOi&amp;key=f0ee669">https://mp.weixin.qq.com/s?__biz=MzI5Nzc0OTkxOQ==&amp;mid=2247483666&amp;idx=1&amp;sn=6421b39037735953fa3148bdbf5bf912&amp;chksm=ecb11de2dbc694f4e00a55667fdc81387d53494788f43ec90327fa64f8c02fa6805fc0577671&amp;mpshare=1&amp;scene=1&amp;srcid=0623Z7avuWtePZvyDd2GWbOi&amp;key=f0ee669</a></div><div class="single"><span id="tags">[比赛]&nbsp;&nbsp;</span>2017 GCTF（全球华人网络安全技能大赛）线上赛writeup<br><a target="_blank" href="http://www.freebuf.com/articles/others-articles/137491.html">http://www.freebuf.com/articles/others-articles/137491.html</a></div><div class="single"><span id="tags">[取证分析]&nbsp;&nbsp;</span>电子数据取证技能树 (V1)<br><a target="_blank" href="https://mp.weixin.qq.com/s?__biz=MzUyNTA2MTQ5Mw==&amp;mid=2247483707&amp;idx=1&amp;sn=584d666fb85762354378d0919dad5ed5&amp;scene=0#wechat_redirect">https://mp.weixin.qq.com/s?__biz=MzUyNTA2MTQ5Mw==&amp;mid=2247483707&amp;idx=1&amp;sn=584d666fb85762354378d0919dad5ed5&amp;scene=0#wechat_redirect</a></div><div class="single"><span id="tags">[设备安全]&nbsp;&nbsp;</span>路由器固件安全分析技术（一）<br><a target="_blank" href="https://www.vulbox.com/knowledge/detail/?id=35">https://www.vulbox.com/knowledge/detail/?id=35</a></div><div class="single"><span id="tags">[比赛]&nbsp;&nbsp;</span>CTF比赛中SQL注入的一些经验总结<br><a target="_blank" href="http://www.freebuf.com/articles/web/137094.html">http://www.freebuf.com/articles/web/137094.html</a></div><div class="single"><span id="tags">[运维安全]&nbsp;&nbsp;</span>甲方安全建设步骤 <br><a target="_blank" href="http://pirogue.org/2017/06/17/%E7%94%B2%E6%96%B9%E5%AE%89%E5%85%A8%E5%BB%BA%E8%AE%BE%E6%AD%A5%E9%AA%A4/">http://pirogue.org/2017/06/17/%E7%94%B2%E6%96%B9%E5%AE%89%E5%85%A8%E5%BB%BA%E8%AE%BE%E6%AD%A5%E9%AA%A4/</a></div><div class="single"><span id="tags">[编程技术]&nbsp;&nbsp;</span>轻松组建分布式 pyspider 集群<br><a target="_blank" href="https://imlonghao.com/10.html">https://imlonghao.com/10.html</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>FIN7 APT组织攻击木马分析报告<br><a target="_blank" href="http://www.freebuf.com/articles/network/137612.html">http://www.freebuf.com/articles/network/137612.html</a></div><div class="single"><span id="tags">[运维安全]&nbsp;&nbsp;</span>没有钱的安全部之资产安全<br><a target="_blank" href="http://www.jianshu.com/p/572431447613?from=timeline">http://www.jianshu.com/p/572431447613?from=timeline</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>班主任之眼！——看穿验证码少女の薄纱<br><a target="_blank" href="https://mp.weixin.qq.com/s?__biz=MzA5ODUxOTA5Mg==&amp;mid=2652553452&amp;idx=1&amp;sn=64488941360b6ecf39bd87692a2fbfc3&amp;chksm=8b7e31b7bc09b8a1cfa12b807cd30f21f86f261587fab6ae9e6e96e4d9565cc8caf4de21a8de&amp;mpshare=1&amp;scene=1&amp;srcid=0618wdfKfLDuFKYK6o4IQqPN&amp;key=110a1ce">https://mp.weixin.qq.com/s?__biz=MzA5ODUxOTA5Mg==&amp;mid=2652553452&amp;idx=1&amp;sn=64488941360b6ecf39bd87692a2fbfc3&amp;chksm=8b7e31b7bc09b8a1cfa12b807cd30f21f86f261587fab6ae9e6e96e4d9565cc8caf4de21a8de&amp;mpshare=1&amp;scene=1&amp;srcid=0618wdfKfLDuFKYK6o4IQqPN&amp;key=110a1ce</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>设计安全：漏洞扫描在Web应用安全的作用<br><a target="_blank" href="https://mp.weixin.qq.com/s?__biz=MzI4NzU2NjU4NQ==&amp;mid=2247484831&amp;idx=1&amp;sn=d037b43cfbd614df1019e7bb2a388348&amp;chksm=ebcafa09dcbd731ff7cd4a01c474017a8aa6f4be88d5aa7df4b03c85823936627c78c7cd30bc&amp;mpshare=1&amp;scene=1&amp;srcid=0620T2t4AdI8fWieqAJ8Xwhj&amp;key=7dad740">https://mp.weixin.qq.com/s?__biz=MzI4NzU2NjU4NQ==&amp;mid=2247484831&amp;idx=1&amp;sn=d037b43cfbd614df1019e7bb2a388348&amp;chksm=ebcafa09dcbd731ff7cd4a01c474017a8aa6f4be88d5aa7df4b03c85823936627c78c7cd30bc&amp;mpshare=1&amp;scene=1&amp;srcid=0620T2t4AdI8fWieqAJ8Xwhj&amp;key=7dad740</a></div><div class="single"><span id="tags">[工具]&nbsp;&nbsp;</span>Kali Linux中优秀Wifi渗透工具TOP 10<br><a target="_blank" href="http://www.freebuf.com/sectool/137163.html">http://www.freebuf.com/sectool/137163.html</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>域渗透提权分析工具 BloodHound 1.3 中的ACL攻击路径介绍<br><a target="_blank" href="http://www.4hou.com/penetration/5752.html">http://www.4hou.com/penetration/5752.html</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>跨站的艺术-XSS入门与介绍 <br><a target="_blank" href="http://www.fooying.com/the-art-of-xss-1-introduction/">http://www.fooying.com/the-art-of-xss-1-introduction/</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>Java反序列化漏洞分析|漏洞研究<br><a target="_blank" href="https://xianzhi.aliyun.com/forum/read/1757.html">https://xianzhi.aliyun.com/forum/read/1757.html</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>子域名发掘神器：AQUATONE<br><a target="_blank" href="http://www.freebuf.com/sectool/137806.html">http://www.freebuf.com/sectool/137806.html</a></div><div class="single"><span id="tags">[其它]&nbsp;&nbsp;</span>vlany：Linux LD_PRELOAD rootkit (x86 and x86_64 architectures)<br><a target="_blank" href="https://github.com/mempodippy/vlany">https://github.com/mempodippy/vlany</a></div><div class="single"><span id="tags">[无线安全]&nbsp;&nbsp;</span>不止Kali 和 Aircrack-ng | 无线渗透工具合集<br><a target="_blank" href="http://www.4hou.com/tools/5584.html">http://www.4hou.com/tools/5584.html</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>Windows Server中的 WINS 服务器远程内存损坏漏洞分析<br><a target="_blank" href="http://www.4hou.com/vulnerable/5635.html">http://www.4hou.com/vulnerable/5635.html</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>菜鸟学代码审计-PIMS三个漏洞+里程密最新版V2.3 SQL注入漏洞<br><a target="_blank" href="https://xianzhi.aliyun.com/forum/read/1761.html">https://xianzhi.aliyun.com/forum/read/1761.html</a></div><div class="single"><span id="tags">[其它]&nbsp;&nbsp;</span>The Stack Clash<br><a target="_blank" href="https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt">https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>Web 前端安全：从MVVM 框架说起<br><a target="_blank" href="https://speakerdeck.com/oritz/mvvm-framework-security">https://speakerdeck.com/oritz/mvvm-framework-security</a></div><div class="single"><span id="tags">[移动安全]&nbsp;&nbsp;</span>2017年度移动APP 安全漏洞与数据泄露现状报告<br><a target="_blank" href="http://image.3001.net/uploads/pdf/2017%E5%B9%B4%E5%BA%A6%E7%A7%BB%E5%8A%A8App%E5%AE%89%E5%85%A8%E6%BC%8F%E6%B4%9E%E4%B8%8E%E6%95%B0%E6%8D%AE%E6%B3%84%E9%9C%B2%E7%8E%B0%E7%8A%B6%E6%8A%A5%E5%91%8A%20BY%20FreeBuf.pdf">http://image.3001.net/uploads/pdf/2017%E5%B9%B4%E5%BA%A6%E7%A7%BB%E5%8A%A8App%E5%AE%89%E5%85%A8%E6%BC%8F%E6%B4%9E%E4%B8%8E%E6%95%B0%E6%8D%AE%E6%B3%84%E9%9C%B2%E7%8E%B0%E7%8A%B6%E6%8A%A5%E5%91%8A%20BY%20FreeBuf.pdf</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>Pcap_tools: 基于网络流量包的漏洞自动化分析<br><a target="_blank" href="https://github.com/pythonran/Pcap_tools">https://github.com/pythonran/Pcap_tools</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>使用Python检测并绕过Web应用程序防火墙<br><a target="_blank" href="http://www.4hou.com/penetration/5698.html">http://www.4hou.com/penetration/5698.html</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>基于USB armory 制作一个USB恶意软件分析器<br><a target="_blank" href="http://www.4hou.com/technology/5525.html">http://www.4hou.com/technology/5525.html</a></div><div class="single"><span id="tags">[编程技术]&nbsp;&nbsp;</span>The PHP module rootkit [CODE]<br><a target="_blank" href="https://github.com/Paradoxis/PHP-Rootkit">https://github.com/Paradoxis/PHP-Rootkit</a></div><div class="single"><span id="tags">[其它]&nbsp;&nbsp;</span>我当初是怎么管理技术团队的<br><a target="_blank" href="http://www.cnblogs.com/zhengyun_ustc/p/7047366.html">http://www.cnblogs.com/zhengyun_ustc/p/7047366.html</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>从无效的DNS流量中检测基于DGA的恶意程序<br><a target="_blank" href="http://paper.kakapo.ml/?p=135">http://paper.kakapo.ml/?p=135</a></div><div class="single"><span id="tags">[无线安全]&nbsp;&nbsp;</span>逆向分析华为E5573 4G Modem<br><a target="_blank" href="http://www.4hou.com/technology/5744.html">http://www.4hou.com/technology/5744.html</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>Wannacry深度解析：第一阶段tasksche<br><a target="_blank" href="http://www.freebuf.com/vuls/135822.html">http://www.freebuf.com/vuls/135822.html</a></div><div class="single"><span id="tags">[运维安全]&nbsp;&nbsp;</span>怎样构建基于SDN网络的自动化运维系统<br><a target="_blank" href="https://mp.weixin.qq.com/s?__biz=MzA4Nzg5Nzc5OA==&amp;mid=2651667064&amp;idx=1&amp;sn=8b872635c9da1577802269d926e33bcb&amp;scene=0#wechat_redirect">https://mp.weixin.qq.com/s?__biz=MzA4Nzg5Nzc5OA==&amp;mid=2651667064&amp;idx=1&amp;sn=8b872635c9da1577802269d926e33bcb&amp;scene=0#wechat_redirect</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>我是如何拿下破冰项目的|技术讨论<br><a target="_blank" href="https://xianzhi.aliyun.com/forum/read/1769.html">https://xianzhi.aliyun.com/forum/read/1769.html</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>Share with care: Exploiting a Firefox UAF with shared array buffers<br><a target="_blank" href="https://phoenhex.re/2017-06-21/firefox-structuredclone-refleak">https://phoenhex.re/2017-06-21/firefox-structuredclone-refleak</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>Django两则CVE-2017-7233和CVE-2017-7234url跳转漏洞分析<br><a target="_blank" href="https://xianzhi.aliyun.com/forum/read/1746.html">https://xianzhi.aliyun.com/forum/read/1746.html</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>浏览器指纹和追踪 <br><a target="_blank" href="https://0x0d.im/archives/broswer-fingerprint-and-tracking.html">https://0x0d.im/archives/broswer-fingerprint-and-tracking.html</a></div><div class="single"><span id="tags">[观点]&nbsp;&nbsp;</span>Gartner公布2017年顶级安全技术<br><a target="_blank" href="https://mp.weixin.qq.com/s?__biz=MzIwOTA1MDAyNA==&amp;mid=2649841199&amp;idx=4&amp;sn=0dcad94c5f9930866bff7bae6cc3ff68&amp;scene=0#wechat_redirect">https://mp.weixin.qq.com/s?__biz=MzIwOTA1MDAyNA==&amp;mid=2649841199&amp;idx=4&amp;sn=0dcad94c5f9930866bff7bae6cc3ff68&amp;scene=0#wechat_redirect</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>VIPROY - VoIP Pen-Test Kit for Metasploit Framework<br><a target="_blank" href="https://github.com/fozavci/viproy-voipkit">https://github.com/fozavci/viproy-voipkit</a></div><div class="single"><span id="tags">[观点]&nbsp;&nbsp;</span>走近黑客雇佣市场：刀尖上“跳舞”，悬崖边狂欢<br><a target="_blank" href="http://www.freebuf.com/news/137646.html">http://www.freebuf.com/news/137646.html</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>The OpenVPN post-audit bug bonanza <br><a target="_blank" href="https://guidovranken.wordpress.com/2017/06/21/the-openvpn-post-audit-bug-bonanza/">https://guidovranken.wordpress.com/2017/06/21/the-openvpn-post-audit-bug-bonanza/</a></div><div class="single"><span id="tags">[编程技术]&nbsp;&nbsp;</span>网络安全框架：联邦机构实施指南<br><a target="_blank" href="https://mp.weixin.qq.com/s?__biz=MzI4NzU2NjU4NQ==&amp;mid=2247484929&amp;idx=1&amp;sn=f94a98bacfa8cbca30765fc581112d9c&amp;scene=0#wechat_redirect">https://mp.weixin.qq.com/s?__biz=MzI4NzU2NjU4NQ==&amp;mid=2247484929&amp;idx=1&amp;sn=f94a98bacfa8cbca30765fc581112d9c&amp;scene=0#wechat_redirect</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>利用USB Flash Drive 黑掉马自达汽车<br><a target="_blank" href="https://www.bleepingcomputer.com/news/security/you-can-hack-some-mazda-cars-with-a-usb-flash-drive/">https://www.bleepingcomputer.com/news/security/you-can-hack-some-mazda-cars-with-a-usb-flash-drive/</a></div><div class="single"><span id="tags">[数据挖掘]&nbsp;&nbsp;</span>angel: 高性能分布式机器学习平台<br><a target="_blank" href="https://github.com/Tencent/angel">https://github.com/Tencent/angel</a></div><div class="single"><span id="tags">[运维安全]&nbsp;&nbsp;</span>NTP/SNMP amplification attacks Carnal0wnage<br><a target="_blank" href="http://carnal0wnage.attackresearch.com/2017/06/ntpsnmp-amplification-attacks.html">http://carnal0wnage.attackresearch.com/2017/06/ntpsnmp-amplification-attacks.html</a></div><div class="single"><span id="tags">[设备安全]&nbsp;&nbsp;</span>A PoC that the USB port is an attack surface for a Mazda car&#039;s<br><a target="_blank" href="https://github.com/shipcod3/mazda_getInfo">https://github.com/shipcod3/mazda_getInfo</a></div><div class="single"><span id="tags">[无线安全]&nbsp;&nbsp;</span>waidps: Wireless Auditing, Intrusion Detection &amp; Prevention System<br><a target="_blank" href="https://github.com/SYWorks/waidps">https://github.com/SYWorks/waidps</a></div><div class="single"><span id="tags">[编程技术]&nbsp;&nbsp;</span>NSA OSS Technologies 美国国家安全局开源技术<br><a target="_blank" href="https://nationalsecurityagency.github.io/">https://nationalsecurityagency.github.io/</a></div><div class="single"><span id="tags">[移动安全]&nbsp;&nbsp;</span>trollface: AirDrop trollfaces to everyone.<br><a target="_blank" href="https://github.com/neonichu/trolldrop">https://github.com/neonichu/trolldrop</a></div><div class="single"><span id="tags">[数据挖掘]&nbsp;&nbsp;</span>一文读懂特征工程<br><a target="_blank" href="https://mp.weixin.qq.com/s/CkDzLZCXOF6zzrn6_dd6Jw">https://mp.weixin.qq.com/s/CkDzLZCXOF6zzrn6_dd6Jw</a></div><div class="single"><span id="tags">[其它]&nbsp;&nbsp;</span>snodew：PHP root (suid) reverse shell<br><a target="_blank" href="https://github.com/mempodippy/snodew">https://github.com/mempodippy/snodew</a></div><div class="single"><span id="tags">[文档]&nbsp;&nbsp;</span>2017年上半年网络诈骗趋势研究报告<br><a target="_blank" href="http://zt.360.cn/1101061855.php?dtid=1101062366&amp;did=490534325">http://zt.360.cn/1101061855.php?dtid=1101062366&amp;did=490534325</a></div><div class="single"><span id="tags">[数据挖掘]&nbsp;&nbsp;</span>Findsploit: Find exploits in local and online databases<br><a target="_blank" href="https://github.com/1N3/Findsploit">https://github.com/1N3/Findsploit</a></div><div class="single"><span id="tags">[设备安全]&nbsp;&nbsp;</span>针对工业控制系统的新型攻击武器 Industroyer 深度剖析<br><a target="_blank" href="http://paper.seebug.org/328/">http://paper.seebug.org/328/</a></div><div class="single"><span id="tags">[运维安全]&nbsp;&nbsp;</span>20170616-信用评分模型<br><a target="_blank" href="https://mp.weixin.qq.com/s?__biz=MzI4OTQ3MTI2NA==&amp;mid=2247483810&amp;idx=1&amp;sn=7bc6d03ac221d74b850418747a8c8bdf&amp;scene=0#wechat_redirect">https://mp.weixin.qq.com/s?__biz=MzI4OTQ3MTI2NA==&amp;mid=2247483810&amp;idx=1&amp;sn=7bc6d03ac221d74b850418747a8c8bdf&amp;scene=0#wechat_redirect</a></div><div class="single"><span id="tags">[设备安全]&nbsp;&nbsp;</span>An easy way to pwn most of the vivotek network cameras<br><a target="_blank" href="https://blog.cal1.cn/post/An%20easy%20way%20to%20pwn%20most%20of%20the%20vivotek%20network%20cameras">https://blog.cal1.cn/post/An%20easy%20way%20to%20pwn%20most%20of%20the%20vivotek%20network%20cameras</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>【技术分享】针对巴基斯坦的某APT活动事件分析<br><a target="_blank" href="http://bobao.360.cn/learning/detail/4020.html">http://bobao.360.cn/learning/detail/4020.html</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>大数据、机器学习推动下的验证码技术发展：网易易盾验证码评测与解读<br><a target="_blank" href="http://www.freebuf.com/articles/network/133358.html">http://www.freebuf.com/articles/network/133358.html</a></div><div class="single"><span id="tags">[数据挖掘]&nbsp;&nbsp;</span>RussiaDNSLeak: Summary and archives of leaked Russian TLD DNS data<br><a target="_blank" href="https://github.com/mandatoryprogrammer/RussiaDNSLeak">https://github.com/mandatoryprogrammer/RussiaDNSLeak</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>有效的基于区域的网络威胁信息共享<br><a target="_blank" href="https://mp.weixin.qq.com/s?__biz=MzI4NzU2NjU4NQ==&amp;mid=2247484946&amp;idx=1&amp;sn=6b902472c87438b47c5227c0d6d5de59&amp;scene=0#wechat_redirect">https://mp.weixin.qq.com/s?__biz=MzI4NzU2NjU4NQ==&amp;mid=2247484946&amp;idx=1&amp;sn=6b902472c87438b47c5227c0d6d5de59&amp;scene=0#wechat_redirect</a></div><div class="single"><span id="tags">[运维安全]&nbsp;&nbsp;</span>Deployment checklist for securely deploying Docker<br><a target="_blank" href="https://github.com/GDSSecurity/Docker-Secure-Deployment-Guidelines">https://github.com/GDSSecurity/Docker-Secure-Deployment-Guidelines</a></div><div class="single"><span id="tags">[设备安全]&nbsp;&nbsp;</span>SCADA Penetration Testing: Do I need to be prepared<br><a target="_blank" href="http://research.aurainfosec.io/scada-penetration-testing/">http://research.aurainfosec.io/scada-penetration-testing/</a></div><div class="single"><span id="tags">[编程技术]&nbsp;&nbsp;</span>聊聊容器网络那些事儿<br><a target="_blank" href="https://mp.weixin.qq.com/s?__biz=MzA5OTAyNzQ2OA==&amp;mid=2649691135&amp;idx=1&amp;sn=bb0b74bdc5d0904eb23772d83a5f09a5&amp;scene=0#wechat_redirect">https://mp.weixin.qq.com/s?__biz=MzA5OTAyNzQ2OA==&amp;mid=2649691135&amp;idx=1&amp;sn=bb0b74bdc5d0904eb23772d83a5f09a5&amp;scene=0#wechat_redirect</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>malwaresearch: A command line tool to find malwares<br><a target="_blank" href="https://github.com/MalwareReverseBrasil/malwaresearch">https://github.com/MalwareReverseBrasil/malwaresearch</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>A Pentester’s Guide to Group Scoping<br><a target="_blank" href="http://www.harmj0y.net/blog/activedirectory/a-pentesters-guide-to-group-scoping/">http://www.harmj0y.net/blog/activedirectory/a-pentesters-guide-to-group-scoping/</a></div><div class="single"><span id="tags">[设备安全]&nbsp;&nbsp;</span>Rethinking a Secure Internet of Things <br><a target="_blank" href="http://iot.stanford.edu/doc/SITP-summary-2016-project.pdf">http://iot.stanford.edu/doc/SITP-summary-2016-project.pdf</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>Authentication bypass on Airbnb via OAuth tokens theft<br><a target="_blank" href="https://www.arneswinnen.net/2017/06/authentication-bypass-on-airbnb-via-oauth-tokens-theft/">https://www.arneswinnen.net/2017/06/authentication-bypass-on-airbnb-via-oauth-tokens-theft/</a></div><div class="single"><span id="tags">[编程技术]&nbsp;&nbsp;</span>Your interpreter isn’t safe anymore — The PHP module rootkit<br><a target="_blank" href="https://blog.paradoxis.nl/your-interpreter-isnt-safe-anymore-the-php-module-rootkit-c7ca6a1a9af5">https://blog.paradoxis.nl/your-interpreter-isnt-safe-anymore-the-php-module-rootkit-c7ca6a1a9af5</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>SecWiki周刊（第172期)<br><a target="_blank" href="https://www.sec-wiki.com/weekly/172">https://www.sec-wiki.com/weekly/172</a></div></section>
<section id="news">
        <pre style="margin-top: 15px; margin-bottom: 15px; padding: 6px 10px; max-width: 100%; color: rgb(62, 62, 62); background-color: rgb(255, 255, 255); -webkit-print-color-adjust: exact; border-width: 1px; border-style: solid; border-color: rgb(204, 204, 204); font-size: 13px; line-height: 19px; overflow: auto; border-radius: 3px; box-sizing: border-box !important; word-wrap: break-word !important;"><code class="" style="max-width: 100%; -webkit-print-color-adjust: exact; border-width: initial; border-style: none; border-color: initial; background-color: transparent; border-radius: 3px; box-sizing: border-box !important; word-wrap: break-word !important;">-----微信ID：SecWiki-----
SecWiki，5年来一直专注安全技术资讯分析！
SecWiki：https://www.sec-wiki.com</code></pre>
    <p style="max-width: 100%; min-height: 1em; color: rgb(62, 62, 62); font-size: 16px; white-space: normal; background-color: rgb(255, 255, 255); box-sizing: border-box !important; word-wrap: break-word !important;"><span style="max-width: 100%; font-size: 14px; box-sizing: border-box !important; word-wrap: break-word !important;">本期原文地址:<span style="max-width: 100%; font-family: Helvetica, arial, sans-serif; box-sizing: border-box !important; word-wrap: break-word !important;">&nbsp;<a href="https://www.sec-wiki.com/weekly/173">SecWiki周刊(第173期)</a></span><br style="max-width: 100%; box-sizing: border-box !important; word-wrap: break-word !important;"></span></p>
</section>
    </div><!-- content -->
</div>
    </div>
</div>

<div id="footer" class="footer">
		<div class="container"  style="margin-top: 5px;">
			<div class="span3">
				<div class="one-third column">
					<h5 class="title">
					<a target="_blank" href="/about/index">最新公告</a>						<span class="line"></span>
					</h5>
					<p>
						<a href='http://www.sec-wiki.com/about/donate'>2016-01-01 打赏功能开通</a><br>
						<a href='http://www.sec-wiki.com/about/join'>2015-01-05 如何加入SecWiki</a><br>
						<a href='http://www.sec-wiki.com/about/submit'>2014-08-08 如何快捷提交资讯</a><br>
						<a href='http://www.sec-wiki.com/about/index'>2012-07-01 关于SecWiki</a><br>
				</div>
			</div>

			<div class="span5">
				<div class="one-third column">
					<h5 class="title">
						<a target="_blank" href="/nav/index">友情链接</a>						<span class="line"></span>
					</h5>
					<p>
						<a href='https://www.secsilo.com/'>安全沙漏</a>&nbsp;
						<a href='http://www.freebuf.com/'>Freebuf</a>&nbsp;
						<a href='http://www.anquanquan.info/'>安全圈</a>&nbsp;
						<a href='http://navisec.it/'>Navisec</a>&nbsp;
                        <a href='http://das.scusec.org'>小黑屋</a>&nbsp;
                        <a href='http://www.polaris-lab.com/'>勾陈Lab</a>
                        <br>
						<a href='http://www.ijiandao.com'>网络尖刀</a>&nbsp;
                        <a href='http://www.shellpub.com/'>ShellPub</a>&nbsp;
                        <a href='http://www.secpulse.com/?secwiki'>SecPulse</a>&nbsp;
                        <a href='https://www.secquan.org/'>圈子</a>
                        <a href='http://bluereader.org/'>深蓝阅读</a>&nbsp;<br>
                        <a href='http://www.bugbank.cn/'>漏洞银行</a>
                        <a href='http://bobao.360.cn/'>安全客</a>
                        <a href='http://www.secfree.com/'>指尖安全</a>
                        <a href='https://www.easyaq.com/'>E安全</a>
                        <a href='http://www.vipread.com/'>安全slide</a>

                        <a href="/link">更多</a>
					</p>
				</div>
			</div>

			<div class="span2">
			    <div class="one-third column">
					<h5 class="title">
					<a target="_blank" href="/about/index">SecWiki公众号</a>						<span class="line"></span>
					</h5>
					<div style="margin-top:15px; width: 90px; height: 90px;">
						<img src="https://secwiki.b0.upaiyun.com/weixin.jpg">
					</div>
				</div>
			</div>

			<div class="span2">
				<div class="one-third column">
					<h5 class="title">
					<a target="_blank" href="/about/donate">安全学术圈</a>					<span class="line"></span>
					</h5>
					<div style="margin-top:15px; width: 90px; height: 90px;">
						<img src="https://secwiki.b0.upaiyun.com/secquan.jpg">
					</div>
				</div>
			</div>

		</div>
		<div class="container" style="margin-top:5px;margin-bottom: 10px;">
			<div class="span9">
					Copyright &copy;
					2019                    琼ICP备16003361号-4
                    SecWiki
					<a href="/news/rss">
						<img src="/img/rss.gif" border="0" width="36px" height="14px" alt="订阅SecWiki">
					</a>
					<a href="https://www.upyun.com/">
						<img src="https://secwiki.b0.upaiyun.com/upyun.png" width="80" border="0" alt="UPYUN">
					</a>
					<a href="http://www.vultr.com/?ref=6885244">
						<img src="https://secwiki.b0.upaiyun.com/vultr.png" width="100" border="0" alt="vultr">
					</a>&nbsp;&nbsp;
			</div>
		</div>
</div><!-- footer -->
<div id="csswithjs">
        <script type="text/javascript">
            var _bdhmProtocol = (("https:" == document.location.protocol) ? " https://" : " http://");
            document.write(unescape("%3Cscript src='" + _bdhmProtocol + "hm.baidu.com/h.js%3Fbad84ea1f314383f8da7949aad5c2199' type='text/javascript'%3E%3C/script%3E"));
    </script>
</div>
<script type="text/javascript" src="https://secwiki.b0.upaiyun.com/js/bs.min.js"></script>
<script type="text/javascript">
/*<![CDATA[*/
jQuery(function($) {
jQuery('[data-toggle=popover]').popover();
jQuery('body').tooltip({"selector":"[data-toggle=tooltip]"});
jQuery('#yii_bootstrap_collapse_0').collapse({'parent':false,'toggle':false});
});
/*]]>*/
</script>
</body>
<!-- page -->
</html>
